• Home
  • Articles
  • [Aug-2021] Pass Huawei H12-711-ENU Exam in First Attempt Guaranteed! [Q99-Q122]

[Aug-2021] Pass Huawei H12-711-ENU Exam in First Attempt Guaranteed! [Q99-Q122]

Share

[Aug-2021] Pass Huawei H12-711-ENU Exam in First Attempt Guaranteed!

Full H12-711-ENU Practice Test and 290 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 99
The European TCSEC Code is divided into two modules, Function and Evaluation, which are mainly used in the military, government and commercial fields.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 100
Which of the following description is wrong about the Intrusion Prevention System (IPS)?

  • A. IPS devices can be blocked in real time once they detect intrusion
  • B. IPS devices can be cascaded at the network boundary and deployed online
  • C. IDS devices need to be linked to the firewall to block the intrusion.
  • D. IPS devices cannot be bypassed in the network.

Answer: D

 

NEW QUESTION 101
In the IPSec VPN transmission mode, which part of the data packet is encrypted?

  • A. New IP packet header
  • B. Transport layer and upper layer data packet
  • C. Network layer and upper layer data packet
  • D. Original IP packet header

Answer: B

 

NEW QUESTION 102
After the network intrusion event occurs, according to the plan to obtain the identity of the intrusion, the attack source and other information, and block the intrusion behavior, which links of the above actions are involved in the PDRR network security model? (Multiple Choice)

  • A. Response link
  • B. Recovery link
  • C. Testing link
  • D. Protection link

Answer: A,C

 

NEW QUESTION 103
Which of the following are the basic functions of anti-virus software? (Multiple Choice)

  • A. Find virus
  • B. Defend virus
  • C. Copy virus
  • D. Clear virus

Answer: A,B,D

 

NEW QUESTION 104
There are various security threats in the use of the server. Which of the following options is not a server security threat?

  • A. Malicious programs
  • B. Natural disasters
  • C. Hacking
  • D. DDos attack

Answer: B

 

NEW QUESTION 105
In the USG series firewall, you can use the ______ function to provide well-known application services for non-known ports.

  • A. Port mapping
  • B. MAC and IP address binding
  • C. Long connection
  • D. Packet filtering

Answer: A

 

NEW QUESTION 106
When the firewall hard disk is in place, which of the following is correct description for the firewall log?

  • A. The administrator can use the threat log to understand the user's security risk behavior and the reason for being alarmed or blocked.
  • B. The administrator can learn the security policy of the traffic hit through the policy hit log, and use it for fault location when the problem occurs.
  • C. The administrator can advertise the content log to view the detection and defense records of network threats.
  • D. The administrator knows the user's behavior, the keywords explored, and the effectiveness of the audit policy configuration through the user activity log.

Answer: B

 

NEW QUESTION 107
Which of the following is not in the quintuple range?

  • A. Source IP
  • B. Destination IP
  • C. Source MAC
  • D. Destination port

Answer: C

 

NEW QUESTION 108
Which of the following descriptions about IKE SA is wrong?

  • A. IKE SA servers for IPSec SA
  • B. IKE SA is two-way
  • C. IKE is a UDP- based application layer protocol
  • D. The encryption algorithm used by user data packets is determined by IKE SA.

Answer: D

 

NEW QUESTION 109
The vulnerability that has not been discovered is the 0 day vulnerability.

  • A. False
  • B. True

Answer: A

 

NEW QUESTION 110
Which of the following attacks is not a cyber-attack?

  • A. Smurf attack
  • B. MAC address spoofing attack
  • C. IP spoofing attack
  • D. ICMP attack

Answer: B

 

NEW QUESTION 111
Manual auditing is a supplement to tool evaluation. It does not require any software to be installed on the target system being evaluated, and has no effect on the operation and status of the target system.
Which of the following options does not include manual auditing?

  • A. Manual inspection of the database
  • B. Manual inspection of network equipment
  • C. Manual detection of the host operating system
  • D. Manual inspection of the administrator's operation of the equipment process

Answer: D

 

NEW QUESTION 112
Which of the following attacks is not a malformed message attack?

  • A. Smurf attack
  • B. ICMP unreachable packet attack
  • C. TCP fragment attack
  • D. Teardrop attack

Answer: B

 

NEW QUESTION 113
The preservation of electronic evidence is directly related to the legal effect of evidence, and it is in conformity with the preservation of legal procedures, and its authenticity and reliability are guaranteed. Which of the following is not an evidence preservation technique?

  • A. Packet tag tracking technology
  • B. Digital signature technology
  • C. Encryption technology
  • D. Digital certificate technology

Answer: A

 

NEW QUESTION 114
Which of the following options belong to the necessary configuration for the firewall double hot standby scenario? (Multiple Choice)

  • A. hrp enable
  • B. hrp interface interface-type interface-number
  • C. hrp preempt [delay interval]
  • D. hrp mirror session enable

Answer: A,B

 

NEW QUESTION 115
ASPF (Application Specific Packet Filter) is a kind of packet filtering based on the application layer, it checks the application layer protocol information and monitor the connection state of the application layer protocol. ASPF by Server Map table achieves a special security mechanism.
Which statement about ASPF and Server map table are correct? (Multiple choice)

  • A. ASPF monitors the packets in the process of communication
  • B. quintuple server-map entries achieve a similar functionality with session table
  • C. ASPF dynamically create and delete filtering rules
  • D. ASPF through server map table realize dynamic to allow multi-channel protocol data to pass

Answer: A,C,D

 

NEW QUESTION 116
Which of the following are the main implementations of gateway anti-virus? (Multiple choice)

  • A. File killing method
  • B. Agent scanning method
  • C. Stream scanning method
  • D. Package inspection method

Answer: B,C

 

NEW QUESTION 117
Which of the following are parts of the PKI architecture? (Multiple Choice)

  • A. Certification Authority
  • B. Certificate Storage organization
  • C. End entity
  • D. Certificate Registration Authority

Answer: A,B,C,D

 

NEW QUESTION 118
Which of the following is not part of a digital certificate?

  • A. Private key
  • B. Issuer
  • C. Public key
  • D. Validity period

Answer: A

 

NEW QUESTION 119
Digital certificates can be divided into local certificates, CA certificates, root certificates and self-signed certificates according to different usage scenarios.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 120
The tunnel addresses at both ends of the GRE tunnel can be configured as addresses of different network segments.

  • A. True
  • B. False

Answer: A

 

NEW QUESTION 121
The scene of internal users access the internet as shown, the subscriber line process are:
1. After authentication, USG allow the connection
2. The user input http://1.1.1.1 to access Internet
3. USG push authentication interface, User =? Password =?
4. The user successfully accessed http://1.1.1.1, equipment create Session table.
5. User input User = *** Password = ***
Which the following procedure is correct?

  • A. 2-1-3-5-4
  • B. 2-5-3-1-4
  • C. 2-3-5-1-4
  • D. 2-3-1-5-4

Answer: C

 

NEW QUESTION 122
......

Get Latest H12-711-ENU Dumps Exam Questions in here: https://www.itcertmagic.com/Huawei/real-H12-711-ENU-exam-prep-dumps.html

Related Articles

more
Huawei H12-711-ENU Certification Practice Exam